1
00:00:00,280 --> 00:00:01,113
Welcome back.

2
00:00:01,113 --> 00:00:03,160
So in this lesson, we are going to discuss

3
00:00:03,160 --> 00:00:06,020
understanding custom logging options.

4
00:00:06,020 --> 00:00:08,530
So what that means is I'm going to walk you

5
00:00:08,530 --> 00:00:11,680
through the process of how we collect those custom logs

6
00:00:11,680 --> 00:00:13,170
and then I'm going to hop into the portal

7
00:00:13,170 --> 00:00:15,730
and I'm going to actually show that to you live.

8
00:00:15,730 --> 00:00:17,890
And before we jump into the lesson, huh?

9
00:00:17,890 --> 00:00:19,613
See the picture on the right?

10
00:00:19,613 --> 00:00:22,440
Logs, custom, yeah, all right.

11
00:00:22,440 --> 00:00:24,100
So the jokes aren't going to get any better,

12
00:00:24,100 --> 00:00:26,200
but with that, let's jump into the lesson.

13
00:00:27,100 --> 00:00:30,010
All right, so there's 5 and a bit, right?

14
00:00:30,010 --> 00:00:33,360
So it all starts with Log Analytics.

15
00:00:33,360 --> 00:00:35,680
We're going to have to have a Log Analytics account

16
00:00:35,680 --> 00:00:37,480
set up and configured.

17
00:00:37,480 --> 00:00:39,330
If you have that set up, hey,

18
00:00:39,330 --> 00:00:41,520
you got your first half step done.

19
00:00:41,520 --> 00:00:43,470
There's 5 more steps after that.

20
00:00:43,470 --> 00:00:45,460
So basically we're going to upload

21
00:00:45,460 --> 00:00:48,530
and we're going to parse a custom sample log.

22
00:00:48,530 --> 00:00:50,580
So we're going to upload a file

23
00:00:50,580 --> 00:00:53,893
that Log Analytics can then parse to do something with.

24
00:00:54,810 --> 00:00:58,293
So what we're going to use is File Wizard for that.

25
00:00:59,480 --> 00:01:02,360
Then we're going to add our log collection paths.

26
00:01:02,360 --> 00:01:04,840
So Log Analytics needs to know where it can go

27
00:01:04,840 --> 00:01:08,980
on your computer to find those custom logs in the future.

28
00:01:08,980 --> 00:01:12,810
So we're just going to simply type in and explain

29
00:01:12,810 --> 00:01:14,873
where those log paths are located.

30
00:01:16,070 --> 00:01:18,280
We're going to provide a name and description,

31
00:01:18,280 --> 00:01:22,490
so let's just say Tim and Lord of the Log Files

32
00:01:22,490 --> 00:01:23,553
for a description.

33
00:01:24,550 --> 00:01:27,510
And then 4, we're going to double check our work.

34
00:01:27,510 --> 00:01:31,430
And then 5, we're just going to parse custom log entries.

35
00:01:31,430 --> 00:01:34,730
So basically once we have those custom logs being run,

36
00:01:34,730 --> 00:01:37,430
we can parse that or break out that data

37
00:01:37,430 --> 00:01:41,060
into a more manageable set of entries

38
00:01:41,060 --> 00:01:43,260
that we can then run queries on.

39
00:01:43,260 --> 00:01:46,590
And that parse query down there at the bottom,

40
00:01:46,590 --> 00:01:47,850
it could be whatever you want.

41
00:01:47,850 --> 00:01:50,890
It's going to be very specific to your log,

42
00:01:50,890 --> 00:01:52,360
but just remember that you can

43
00:01:52,360 --> 00:01:53,830
parse your custom log entries

44
00:01:53,830 --> 00:01:57,250
and that's typically the last step in this process.

45
00:01:57,250 --> 00:01:59,790
So with that, let's jump over into the portal

46
00:01:59,790 --> 00:02:01,890
and let me actually show this to you live.

47
00:02:03,630 --> 00:02:07,090
All right, so here we find ourselves in Log Analytics.

48
00:02:07,090 --> 00:02:11,410
And in here I have scrolled down and clicked on Custom logs,

49
00:02:11,410 --> 00:02:13,140
which is where we're going to start.

50
00:02:13,140 --> 00:02:15,840
So we have our Log Analytics, that's our half step,

51
00:02:15,840 --> 00:02:18,760
and now I'm going to add a custom log.

52
00:02:18,760 --> 00:02:21,300
It all starts with selecting a sample log,

53
00:02:21,300 --> 00:02:22,600
so I'm going to click.

54
00:02:22,600 --> 00:02:24,863
So let's just choose this file here.

55
00:02:25,790 --> 00:02:28,820
There we go, now we have our file and it has been uploaded.

56
00:02:28,820 --> 00:02:30,870
Step 1 complete.

57
00:02:30,870 --> 00:02:33,850
Next, we're going to choose our delimiter.

58
00:02:33,850 --> 00:02:35,900
I can either pick a timestamp

59
00:02:35,900 --> 00:02:39,070
or I can click on one of the records,

60
00:02:39,070 --> 00:02:41,070
so we'll just choose this one for now.

61
00:02:41,070 --> 00:02:43,280
Again, this is more for demonstration purposes

62
00:02:43,280 --> 00:02:44,580
than anything.

63
00:02:44,580 --> 00:02:46,930
Next we're going to give our collection path.

64
00:02:46,930 --> 00:02:49,370
So we want to choose our selection path.

65
00:02:49,370 --> 00:02:51,410
So let's just go ahead and use the sample,

66
00:02:51,410 --> 00:02:55,613
but we would choose whatever it is that you need here.

67
00:02:56,670 --> 00:02:58,440
So we choose our collection path,

68
00:02:58,440 --> 00:03:01,550
and so this is our step 2.

69
00:03:01,550 --> 00:03:03,310
Click on Next.

70
00:03:03,310 --> 00:03:07,290
This is Tim and Lord of the Log Files, right?

71
00:03:07,290 --> 00:03:08,860
There we go.

72
00:03:08,860 --> 00:03:12,100
And then step 4, double check your work.

73
00:03:12,100 --> 00:03:15,330
So we would go through and just simply create

74
00:03:15,330 --> 00:03:17,970
and it's going to create, and there you go, that fast.

75
00:03:17,970 --> 00:03:21,500
There is Tim, our brand new custom log.

76
00:03:21,500 --> 00:03:23,490
So it's really that simple.

77
00:03:23,490 --> 00:03:25,740
So with that, let's jump back over here

78
00:03:26,670 --> 00:03:29,723
and run through just a couple of points to remember.

79
00:03:30,560 --> 00:03:32,900
1. Do you remember the service?

80
00:03:32,900 --> 00:03:35,980
2. Do you remember the 5 steps?

81
00:03:35,980 --> 00:03:37,210
That's pretty much it.

82
00:03:37,210 --> 00:03:38,770
If you got those 2 things down,

83
00:03:38,770 --> 00:03:40,780
you're definitely good to go on to the next service.

84
00:03:40,780 --> 00:03:42,520
I wouldn't even spend a whole lot of time

85
00:03:42,520 --> 00:03:44,670
on memorizing the 5 steps.

86
00:03:44,670 --> 00:03:48,480
Just sort of remember the basics of, hey, Log Analytics,

87
00:03:48,480 --> 00:03:51,780
we can upload a custom file using the wizard.

88
00:03:51,780 --> 00:03:53,780
We can pull that in.

89
00:03:53,780 --> 00:03:55,040
Once we have that file in,

90
00:03:55,040 --> 00:03:57,120
we can parse it however we need to.

91
00:03:57,120 --> 00:03:59,070
You got that down? Now you understand

92
00:03:59,070 --> 00:04:00,993
how custom logging options work.